We have released a number of upgrades to the Traceback direct link protection mechanism for Redirect users.
For ixkio customers using the Redirect mode with authentication NFC tags, the Traceback system is designed to prevent 'authenticated' pages on customer websites being accessed if the user hasn't been redirected from ixkio.
This is important as the typical flow on a redirect is that a user will scan an NFC tag to ixkio. Ixkio will undertake the authentication and redirect the user immediately to the landing page on the brand website to inform the user of 'authentication pass' or 'fail'. As this page is openly on the internet, it would be possible to copy the 'authentication pass' page from the brand website and encode it directly onto a counterfeit tag - therefore bypassing the ixkio auth system.
Traceback adds a small section of javascript code to the brand website's landing pages which is designed to prevent any hit on the page that hasn't come from ixkio.
The Traceback system has been widely used and we are now adding some additional features :
Multiple Configurations
It's now possible to set up more than one Traceback code in ixkio and each can be managed separately. For larger platform configurations where users might have multiple brands or possibly internal facing and customer facing responses, this can enable more complex options.
Inline Script Modifications
To increase flexibility, it's now possible to add traceback messages and fail urls directly into the javascript embedded onto your pages. This allows for either language customisation or dynamic fail pages which can be embedded at run time into your pages.
Display Pauses
The Traceback system works very quickly and many users decide to hold 'authentication pass' page display until Traceback has been completed, this can sometimes result in a screen flicker. We've added the option of a display pause which, while not necessary, can improve the user experience by informing that a check is 'in progress' (or a blank screen) and prevent the flicker. The length of display pause can be set and changed via the console.